EAP library

Alan DeKok aland at deployingradius.com
Fri Jul 10 16:41:14 EDT 2015


On Jul 10, 2015, at 4:31 PM, David Woodhouse <dwmw2 at infradead.org> wrote:
> Junos Pulse uses EAP (including EAP-TLS) over TNC IF-T (over TLS). I'd
> *really* like to avoid having to reinvent the wheel, and I'm looking
> longingly at the EAP implementation in wpa_supplicant.
> 
> Is there any prospect of making it into a library that can be used by
> external projects? Or should I just plan on copying code from it?

  Speaking only for myself, the code *should* be re-used.  It's BSD licensed.  Re-using it is *infinitely* better than writing your own EAP stack.

  As someone who's done a lot of RADIUS, *please* don't write your own EAP stack.  Most vendors who have done this get it wrong.  Very, very, wrong.  Please re-use the EAP code from wpa_supplicant.  It works, it's clean, and it's portable.

  As an application writer.. the EAP code is designed to work with wpa_supplicant / hostapd, and not much else.  I've looked at re-using the EAP library in FreeRADIUS.  It's possible, but it doesn't expose all of the hooks, etc. needed for complex policies in a RADIUS server.

  Alan DeKok.



More information about the HostAP mailing list